Bluetooth Security: Hacker Microphone Spy Risk

by Anika Shah - Technology

Bluetooth Audio Devices at Risk: Vulnerabilities Expose User Data

Recent security research has uncovered a series of vulnerabilities affecting Bluetooth-enabled audio devices from a wide range of manufacturers. These flaws, present in chipsets made by Airoha, could possibly allow attackers to eavesdrop on audio streams or even access sensitive user information. With the global Bluetooth headset market projected to reach $44.3 billion by 2028 (according to Grand View Research), the scope of this issue is significant.

Affected Devices and Manufacturers

The vulnerabilities impact 29 different devices across ten prominent brands, including Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel. The affected product categories span a broad spectrum of audio equipment, encompassing wireless speakers, earbuds, headphones, and professional wireless microphones. This widespread impact highlights the reliance on common components within the audio industry and the potential for cascading security risks.

How the Vulnerabilities Work

Researchers at cybersecurity firm ERNW presented their findings at the TROOPERS security conference, detailing three distinct vulnerabilities within Airoha’s systems on a chip (SoCs). These SoCs are commonly used in True Wireless Stereo (TWS) earbuds and other Bluetooth audio products. While exploitation isn’t trivial, requiring both close proximity and a degree of technical expertise, the potential consequences are concerning. The identified vulnerabilities are categorized as follows:

* CVE-2025-20700 (Medium Severity): A lack of proper authentication for Generic Attribute Profile (GATT) services. This could allow unauthorized access to device features.
* CVE-2025-20701 (Medium Severity): Missing authentication for Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) connections. This opens the door for potential man-in-the-middle attacks.
* CVE-2025-20702 (High Severity): Critical flaws within a custom protocol implemented by Airoha. This represents the most significant risk, potentially enabling more extensive control over the device.

Proof of Concept and Potential Impact

ERNW researchers successfully demonstrated a proof-of-concept exploit, showcasing their ability to determine the song currently playing on a vulnerable pair of headphones. While this example is relatively benign, it illustrates the potential for more malicious activities. In certain scenarios, an attacker within Bluetooth range could potentially extract a user’s call history and contact list from a connected smartphone. This is analogous to an unsecured Wi-Fi network allowing unauthorized access to connected devices – the Bluetooth connection becomes a pathway for data compromise.

Staying Protected

Currently, there are no widespread firmware updates available to address these vulnerabilities. Users are advised to exercise caution when pairing with unknown Bluetooth devices and to remain aware of their surroundings when using Bluetooth audio equipment in public spaces. Manufacturers are urged to prioritize the development and deployment of security patches to mitigate these risks and protect their customers. As Bluetooth technology becomes increasingly integrated into our daily lives, proactive security measures are crucial to safeguarding user privacy and data.
